Upgraded to XG18, now some firewall policies no longer work.

I just updated the firewall to the GA release of 18, now my VPN appears busted. I can see the rule allows the traffic in, but it's blocking the traffic leaving.

2020-02-19 08:31:17 Firewall messageid="01001" log_type="Firewall" log_component="Invalid Traffic" log_subtype="Denied" status="Deny" con_duration="0" fw_rule_id="17" nat_rule_id="10" policy_type="1" user="bhawkins" user_group="Open Group" web_policy_id="0" ips_policy_id="0" appfilter_policy_id="0" app_name="Windows Remote Desktop" app_risk="3" app_technology="Client Server" app_category="Remote Access" vlan_id="0" ether_type="IPv4 (0x0800)" bridge_name="" bridge_display_name="" in_interface="" in_display_interface="" out_interface="" out_display_interface="" src_mac="" dst_mac="" src_ip="10.100.1.10" src_country="R1" dst_ip="172.16.24.2" dst_country="R1" protocol="TCP" src_port="3389" dst_port="54367" packets_sent="0" packets_received="0" bytes_sent="0" bytes_received="0" src_trans_ip="" src_trans_port="0" dst_trans_ip="" dst_trans_port="0" src_zone_type="" src_zone="" dst_zone_type="" dst_zone="" con_direction="" con_id="" virt_con_id="" hb_status="No Heartbeat" message="Invalid TCP state." appresolvedby="Signature" app_is_cloud="0"

 

Rule 17 is an allow all from VPN to LAN. All of this worked in 17.9. I'm tempted to roll back, as maybe there is an issue in the migration of firewall rules.



  • Invalid TCP State is the issue.

    It could be that the application has some issues.

    Those packets are the server-to-client packets (source: 3389).

    Please verify: does RDP work fine at the application level? Maybe RDP denies the connection on the server.

    __________________________________________________________________________________________________________________
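The reading given in the reply above, as an added example that is not part of the original thread: a small Python triage of the key="value" log format that separates a drop logged under "Invalid Traffic" from an ordinary denied entry and infers packet direction from the ports. The function names, the verdict labels, the shortened sample line and the ephemeral-port threshold are assumptions made for this illustration.

```python
import re

# Constructed sample: a shortened form of the log line in the question,
# keeping only the fields this triage uses.
SAMPLE = ('2020-02-19 08:31:17 Firewall messageid="01001" log_type="Firewall" '
          'log_component="Invalid Traffic" log_subtype="Denied" status="Deny" '
          'fw_rule_id="17" src_ip="10.100.1.10" dst_ip="172.16.24.2" '
          'protocol="TCP" src_port="3389" dst_port="54367" '
          'message="Invalid TCP state."')

FIELD_RE = re.compile(r'(\w+)="([^"]*)"')
# Assumption: IANA dynamic port range; some stacks start their range lower.
EPHEMERAL_MIN = 49152


def parse_fields(line):
    """Return the key="value" pairs of one log line as a dict."""
    return dict(FIELD_RE.findall(line))


def triage(line):
    """Heuristic: label a denied entry and guess which side sent the packet."""
    f = parse_fields(line)
    if f.get("status") != "Deny":
        return {"verdict": "not-denied"}
    # Empty port fields ("") are treated as 0 so int() does not raise.
    sport, dport = int(f.get("src_port") or 0), int(f.get("dst_port") or 0)
    # A low source port with a high destination port suggests a server reply.
    if sport < EPHEMERAL_MIN <= dport:
        direction = "server-to-client"
    elif dport < EPHEMERAL_MIN <= sport:
        direction = "client-to-server"
    else:
        direction = "unknown"
    stateful = f.get("log_component") == "Invalid Traffic"
    return {
        # "rule-deny" is this example's label for any other denied entry.
        "verdict": "stateful-drop" if stateful else "rule-deny",
        "rule": f.get("fw_rule_id"),
        "direction": direction,
        "server": f"{f.get('src_ip')}:{sport}" if direction == "server-to-client" else None,
        "reason": f.get("message"),
    }


if __name__ == "__main__":
    print(triage(SAMPLE))
```

For the line in the question this reports a stateful drop of a server-to-client packet from 10.100.1.10:3389, with rule 17 listed only as the rule ID recorded on the entry.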
